Configuring for Aspera Files

Aspera Connect Server, or Enterprise Server with a Connect-enabled license, must be
configured to use the Aspera Node API, which is required to connect these
standalone, on-premise systems to Aspera Files. The server accesses the Node API
using a node API username and password, that is associated with a local system
account called xfer. All transfers and system operations on the computer
are run under xfer. Thus, to add a server as a Files node, on the server
you must create the system user, configure it as an Aspera transfer user, associate
the transfer user with a node username and password, and configure the server to
work with Files. Files users access the Node API and Files nodes using access keys,
which can be created on the server or in the Files UI.

System Requirements:

Connect Server or Enterprise Server with a Connect-enabled license version 3.6.0
or later.

The public DNS name of the system must be accessible from all internal and
external clients, as well as the computer itself.

Set Up and Configure a Transfer User

Create a system user.

Ensure that the user has read and write privileges to the local directories
or mounts that Aspera must access.

Set a docroot restriction, rather than a docroot.

The docroot restriction allows access only to the specified storage. To
set a docroot restriction, run the following
command:

Aspera recommends that the key be a random string of
at least 20 characters.

Assign the SSH public key associated with the IBM Aspera Connect Browser
Plug-in to xfer.

The Connect Plug-in uses the default Aspera key pair. Run the following
commands to create the .ssh directory, copy the default
public key into that directory and rename it
authorized_keys, and set permissions on the file,
run the following
commands:

For value, enter a number from one to eight. Lower
values (one or two) result in slower updates but less load on Redis.
Higher values (four to eight) increase the load on Redis and the machine
should have twice as many cores. Aspera recommends starting with a value
of five, and adjusting if needed.

If your Redis database is very large and you set a high number of
recursive counts workers, you may encounter out-of-memory problems. To
offset this issue, you can increase the time between background Redis
save events and number of key changes by running the following
command:

>asconfigurator -x "set_server_data;db_config_save,timekey_changes"

The default value is 900 1, which sets the background
save schedule for every 15 minutes (900 seconds) if at least one key
changes. To set this change, you must shut down the Redis database (it
is restarted in the next step) by running the following command with
root or Administrator privileges:

Files does not fully support ascp4 and renaming the
binary prevents the node from running ascp4 commands.
Locate the file in the following directory and rename it:

C:\Program Files[ (x86)]\Aspera\Enterprise
Server\ascp4.exe

Configure Nginx Reverse Proxy and Server Certificates

Aspera strongly recommends protecting your Files transfer nodes with an Nginx
reverse proxy. Transfer nodes expose the asperanoded port in
order to communicate with users' browsers. Normally,
asperanoded runs on port 9092, but nodes that are added
to Files must have asperanoded run on port 443, the standard
HTTPS port for secure browser access. Configuring a reverse proxy in front of
asperanoded provides additional protection (such as
against DOS attacks) and resource handling for requests to the node's 443
port.

The following instructions require that you have valid certificates for the
transfer node added to Files. Nginx is in beta for Windows, so these
instructions are for Linux and UNIX nodes, but can be adapted for Windows.

Download and install Nginx.

Set the HTTPS port to 9092.

>asconfigurator -x "set_server_data;https_port,9092"

Open the Nginx configuration file in a text editor.

Open /etc/nginx/nginx.conf and ensure the following
include directive is present in the
http section. If it is not present, add it to the
file:

http {
…
include /etc/nginx/conf.d/*.conf;
}

Create a file named aspera_node_proxy.conf and save it
in the following location:

Replace /path/to/server_cert.pem with the
location of your server's signed certificate. Include any
intermediate certificates, as described in Installing SSL Certificates.

Replace /path/to/server_key.pem with the
location of your server's private key.

Replace your.servername.com with your server's
domain name.

Restart Nginx.

# service nginx restart

Adding the Node to Files

Once you have created a system user on the server,
configured the user for Aspera, associated it with a node username, configured the
server, and verified your SSL certificates, you may add it as a node in the Files
UI. In the process you are asked for an existing access key and secret, or you can
create a new one. If you prefer to manually create an access key on the server, see
the instructions in Access Key Authentication.